# Security group that the ingress and egress rules in this file attach to.
resource "alicloud_security_group" "main" {
  # Identity and placement.
  name              = "${var.sg_name}-sg"
  description       = var.sg_description
  vpc_id            = var.vpc_id
  resource_group_id = var.sg_resource_group_id

  # Behaviour. inner_access_policy decides whether members of this group can
  # reach each other on all ports ("Accept") or are isolated from one another
  # ("Drop"). The value comes from the caller, so review it when the group
  # holds workloads that should not talk to each other.
  security_group_type = var.sg_type
  inner_access_policy = var.sg_access_policy
}

# One accept rule per entry of var.inbound_rules. Each entry is read by
# position: [0] source CIDR, [1] port range, [2] IP protocol, [3] description.
#
# NOTE(review): element() wraps around when the index is past the end of the
# list, so an entry with fewer than four items does not fail here; it reuses
# an earlier item (a three-item entry gets its CIDR as the description). Keep
# every entry at exactly four items.
# NOTE(review): source CIDRs are passed through as given and no validation is
# visible in this file, so an entry of "0.0.0.0/0" opens that port range to
# any source address. Validate or review the variable where it is declared.
resource "alicloud_security_group_rule" "ingress_rule" {
  # Rules are addressed by list position, so inserting or reordering entries
  # changes which rule each index refers to.
  count = length(var.inbound_rules)

  security_group_id = alicloud_security_group.main.id
  type              = "ingress"
  policy            = "accept"
  nic_type          = "intranet"

  ip_protocol = element(var.inbound_rules[count.index], 2)
  port_range  = element(var.inbound_rules[count.index], 1)
  cidr_ip     = element(var.inbound_rules[count.index], 0)
  description = element(var.inbound_rules[count.index], 3)
}

# Allow-all egress: every protocol and port, to any destination.
# NOTE(review): this leaves outbound traffic unrestricted. Where the workloads
# have a known set of destinations, narrowing cidr_ip / port_range limits what
# a compromised instance can reach. Unlike the ingress rule, no nic_type or
# description is set here, so the provider default applies to nic_type;
# confirm that it matches the VPC group.
resource "alicloud_security_group_rule" "egress_rule" {
  security_group_id = alicloud_security_group.main.id
  type              = "egress"
  policy            = "accept"

  ip_protocol = "all"
  port_range  = "-1/-1"
  cidr_ip     = "0.0.0.0/0"
}


